The Indian government is reportedly pushing for new security regulations that would require smartphone manufacturers to provide access to their operating system source code and integrate automatic, unremovable malware scanning capabilities into devices sold in the country. This initiative, which has drawn resistance from major tech companies like Apple and Samsung, could significantly impact global tech governance and the security models of smartphones worldwide.
Reports emerged this week, indicating that the Indian government is considering making a package of 83 security standards, drafted in 2023, legally binding. At the core of these proposals is a demand for smartphone manufacturers to allow government-approved Indian laboratories to access and review their proprietary source code, which is described as the DNA of every smartphone operating system
.
Additionally, the government seeks automatic malware scanning capabilities that users cannot remove, as well as requirements for manufacturers to notify the National Centre for Communication Security about major software updates and security patches before their release to users. This has been met with opposition from companies such as Apple and Samsung, who reportedly view these demands as unprecedented and a risk to intellectual property. The Ministry of Electronics and Information Technology (MeitY) has, however, refuted claims that it has proposed a mandate for source code sharing, characterizing ongoing discussions as stakeholder consultations to develop a robust mobile security framework.
This development is framed as a critical test of whether national governments can compel global tech companies to fragment their security models based on local demands. According to government documentation cited in reports, such extensive requirements are not currently mandated by major countries in the European Union, North America, Australia, or Africa. India, with an estimated 750 million smartphone users, is the world’s second-largest smartphone market, and its digital economy is projected to surpass $1 trillion by 2030. This substantial economic leverage is seen as a driver for India to pioneer a new model of digital sovereignty that could inspire similar legislation globally, potentially leading to a balkanized smartphone ecosystem. Industry representatives, including the Indian Mobile and Internet Industry Association (MAIT), have argued that such a demand is impossible
and lacks international precedent.
The stated reason for these proposed measures is the Indian government’s push to strengthen digital security and protect user data amid a rise in online fraud and data breaches. India’s vision of Viksit Bharat 2047
, aiming for a developed, inclusive, and globally respected nation, relies on achieving digital sovereignty, which is defined as the capacity to govern its own digital infrastructure, data, AI systems, and identity frameworks. The government’s desire to implement automatic malware scanning capabilities that users cannot remove suggests an intent to effectively remove user consent as a meaningful choice
in certain security aspects.
The precise timeline for any potential implementation of these requirements remains unclear, as does the exact nature of penalties for non-compliance. While the MeitY has denied proposals for source code sharing, the specifics of what a robust mobile security regulatory framework
would entail are yet to be fully defined and publicly disclosed.
The ongoing consultations between the Indian government and smartphone manufacturers are expected to continue. The outcome could either lead to a modified set of regulations that accommodate industry concerns or a continued push for stricter controls, potentially forcing tech companies to develop India-specific versions of their operating systems. This situation highlights the evolving tension between national security objectives and the globalized nature of technology manufacturing.
Users should remain informed about developments in digital privacy and security regulations, particularly concerning smartphone ecosystems. It is advisable to regularly review and understand the privacy policies and security features offered by their device manufacturers and operating system providers. Actively managing app permissions and staying vigilant against phishing attempts and malware remain critical practices for personal digital security. Enabling two-factor authentication on all accounts is also a recommended step.
Follow us on Bluesky , LinkedIn , and X to Get Instant Updates
